R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://searchmiracle.com/sp.phpR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ls0.net/home.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.coolsearch.biz/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.tiny.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://dohuhg.t.muxa.cc/s.php?aid=227 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
file://C:\DOCUME~1\Viren\LOCALS~1\Temp\sp.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://dohuhg.t.muxa.cc/h.php?aid=227 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
file://C:\DOCUME~1\Viren\LOCALS~1\Temp\sp.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://ls0.net/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =
http://ls0.net/srchasst.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
file://C:\DOCUME~1\Viren\LOCALS~1\Temp\sp.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
http://ls0.net/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll
F3 - REG:win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKLM\..\Run: [fknr0tWl] C:\documents and settings\viren\local settings\temp\fknr0tWl.exe
O4 - HKLM\..\Run: [s7ri35S] icmcnl32.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winsyl32.exe
O4 - HKLM\..\Run: [0OSrEbXD] C:\documents and settings\viren\local settings\temp\0OSrEbXD.exe
O4 - HKLM\..\Run: [NUSp] C:\documents and settings\viren\local settings\temp\NUSp.exe
O4 - HKLM\..\Run: [9GixY] C:\documents and settings\viren\local settings\temp\9GixY.exe
O4 - HKLM\..\Run: [Asmw] C:\documents and settings\viren\local settings\temp\Asmw.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [8KcZH] C:\documents and settings\viren\local settings\temp\8KcZH.exe
O4 - HKLM\..\Run: [P] c:\documents and settings\viren\local settings\temp\P.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKCU\..\Run: [dw0sRRe5h] uxtsevt.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1024.dll,InstantAccess
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} -
http://63.217.29.115/cax_gb.cabO16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) -
http://www.thepaymentcentre.com/build/vxiewer.cabO16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) -
http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1024_EN_XP.cabO16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) -
http://www.thepaymentcentre.com/build/vbiewer.cabO16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/420/online.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/templates/s/x.chm::/ad.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} -
file://C:\Recycled\Q330995.exeO16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) -
http://62.4.84.150/data/sc.cabO16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} -
http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cabO16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cabO16 - DPF: {8B936702-C234-40D0-B69C-A2F669A33978} -
http://akamai.downloadv3.com/binaries/LiveService/LiveService_7_EN_XP.cabO16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
http://www.netvenda.com/sites/games-gb/gb/games4.cabO16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) -
http://www.mt-download.com/MediaTicketsInstaller.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab31267.cabO16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) -
http://goto.tria-com.net/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) -
http://www.sponsoradulto.com/en/SysWebTelecom.cabO16 - DPF: {F4653484-F38C-455F-BB15-1175E527754E} (VideoProducer Class) -
http://www.jointheorgy.com/static/class/webcam2.cabO16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) -
http://download.overpro.com/WildAppNonUS.cabO16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} -
http://direct.data-line.us/gba208.exeO16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} -
http://direct.data-line.us/gba208.exeO18 - Filter: text/html - {72BC8742-3D3A-4D16-878D-0271459613FA} - C:\WINDOWS\System32\ealg.dll
O18 - Filter: text/plain - {72BC8742-3D3A-4D16-878D-0271459613FA} - C:\WINDOWS\System32\ealg.dll
O19 - User stylesheet: C:\WINDOWS\color.css
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Onfindmi.dll (file missing)
We can´t take it all in one step, because there is more than one infection. 
well heres my new hijck report..
|